Check an IP Address, Domain Name, Subnet, or ASN

192.253.248.169 was found in our database!

$ whois 192.253.248.169

country·🇮🇷 Iran

isp·Limited Network LTD

asn·AS213790

network·Standard

$ sikker risk 192.253.248.169scoring →

confidence

98%Very High

first_seen·Mar 31, 2026

last_seen·2h ago

sessions·577

events·577

$ sikker protocols 192.253.248.169

HTTP

334 / 334

HTTPS

243 / 243

$ sikker summary 192.253.248.169

192.253.248.169 has a threat confidence score of 98%. This IP address from Iran (AS213790, Limited Network LTD) has been observed in 577 honeypot sessions targeting HTTP, HTTPS protocols. Detected attack patterns include https dotenv environment file exposure probe. First observed on March 31, 2026, most recently active April 3, 2026.

$ sikker behaviors 192.253.248.169catalog →

highHttps Dotenv Environment File Exposure Probe12x

Identifies an HTTPS request targeting a .env file in the web root or application directory. Access attempts to /.env indicate automated scanning for exposed environment configuration files that may contain application secrets, database credentials, API keys, or cloud tokens. This probe is commonly associated with opportunistic internet-wide scanning for misconfigured web deployments.

infoHttps Root Path Request24x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttp Bad Request Route Probe1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

$ sikker primitives 192.253.248.169

https_path_root24 https_path_dotenv12 http_method_get2 http_path_bad_request1 https_path_app_dotenv1

$ sikker related 192.253.248.169

🇮🇷·More threats fromIran→AS·More threats fromLimited Network LTD→HTTP·More threats targetingHTTP→HTTP·More threats targetingHTTPS→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
77.90.185.16	84%	3,638
172.94.9.253	100%	2,118
77.90.185.17	92%	30,993
77.90.185.118	97%	11,490
185.93.89.193	53%	133

IP Address	Confidence	Events
77.90.185.16	84%	3,645
62.60.130.21	96%	2,015
77.90.185.17	92%	30,994
172.94.9.253	100%	2,118
77.90.185.118	97%	11,490